Bug 1583888 - (CVE-2018-11233) CVE-2018-11233 git: path sanity check in is_ntfs_dotgit() can read arbitrary memory
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20180530,repor...
Keywords: Security
Depends On: 1583891 1584241 1583890 1593733
Blocks: 1583883
Reported: 2018-05-29 20:43 EDT by Sam Fowler
Modified: 2018-07-10 04:54 EDT
Fixed In Version: git 2.13.7, git 2.14.4, git 2.15.2, git 2.16.4, git 2.17.1
Last Closed: 2018-07-10 04:54:18 EDT

External Trackers
Red Hat Product Errata RHSA-2018:2147 (last updated 2018-07-10 04:35 EDT)
Description Sam Fowler 2018-05-29 20:43:05 EDT
Git before versions 2.13.7, 2.14.4, 2.15.2, 2.16.4 and 2.17.1 performs path sanity-checks in is_ntfs_dotgit():path.c that can be fooled into reading arbitrary memory.

Upstream announcement:
https://marc.info/?l=git&m=152761328506724&w=2
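The practical question for an inventory or patch-verification job is whether a given git build predates the fix on its own maintenance series, since the fixed versions above are per-series (2.13.7, 2.14.4, ...) rather than a single threshold. The checker below is an added example written for this page, not code from git or from the bug report; it takes a `git --version` line or an RPM name, parses the upstream version number, and classifies it against the Fixed In Version list quoted on this bug. The sample inputs at the bottom are constructed. It deliberately judges only the upstream version string: distribution packages that backport fixes or, as the statement on this bug says of Red Hat Enterprise Linux 6 and 7, never shipped the vulnerable code, need the vendor's own advisory (here RHSA-2018:2147) rather than a version comparison.

```python
"""Classify a git version string against the CVE-2018-11233 fixed versions
quoted on the bug page: 2.13.7, 2.14.4, 2.15.2, 2.16.4 and 2.17.1."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed-in versions from the bug page, one per maintenance series.
FIXED_VERSIONS = [(2, 13, 7), (2, 14, 4), (2, 15, 2), (2, 16, 4), (2, 17, 1)]

# Matches "2.17", "2.17.1", and the version inside an RPM name such as
# "git-2.17.1-2.fc28"; a trailing ".windows.2" or ".rc0" is ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_git_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from text like 'git version 2.17.0'.
    Returns None when no version number is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(version: Version) -> bool:
    """True if `version` predates the fix on its maintenance series.

    - series with a listed fix (2.13 .. 2.17): affected below that patch level
    - anything older than the oldest fixed series (e.g. 2.12.x): affected
    - anything newer than the newest fixed series (2.18 and later): fixed
    """
    major, minor, patch = version
    for f_major, f_minor, f_patch in FIXED_VERSIONS:
        if (major, minor) == (f_major, f_minor):
            return patch < f_patch
    return (major, minor) < FIXED_VERSIONS[0][:2]


def classify(text: str) -> str:
    """Map a version string to 'affected', 'fixed' or 'unknown'."""
    version = parse_git_version(text)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory lines (not taken from the bug page).
    samples = [
        "git version 2.17.0",
        "git version 2.17.1",
        "git-2.17.1-2.fc28",
        "git version 2.12.5",
        "git version 2.18.0",
        "git version 2.14.4",
    ]
    for sample in samples:
        print(f"{sample:25s} -> {classify(sample)}")
```

Feed it the output of `git --version` from each host, or the package name from `rpm -q git`, and treat "unknown" as a parse failure to investigate rather than as a pass.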
Comment 1 Sam Fowler 2018-05-29 21:11:16 EDT
Created git tracking bugs for this issue:

Affects: fedora-all [bug 1583890]
Comment 7 Riccardo Schirone 2018-05-31 07:25:38 EDT
Statement:

This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include the vulnerable code.
Comment 8 Fedora Update System 2018-06-01 08:04:37 EDT
git-2.17.1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 errata-xmlrpc 2018-07-10 04:34:50 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2018:2147 https://access.redhat.com/errata/RHSA-2018:2147
